package com.bd.scm.interceptor;

import com.alibaba.fastjson.JSON;
import com.bd.scm.domain.dto.login.UserInfoLoginDto;
import com.bd.scm.module.enums.ExceptionEmun;
import com.bd.scm.module.utils.ResultUtil;
import com.bd.utils.HttpKit;
import lombok.extern.slf4j.Slf4j;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;


@Component
@Slf4j
public class SecurityInterceptor implements HandlerInterceptor {

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse httpServletResponse, Object o) throws Exception {

        log.info("requestURL:{},method:{}" , request.getRequestURL().toString(),request.getMethod());


        UserInfoLoginDto userInfo = JSON.parseObject(String.valueOf(request.getSession().getAttribute("user")), UserInfoLoginDto.class);
        if (userInfo == null) {
            String content = JSON.toJSONString(ResultUtil.errorLogin());
            printContent(request, httpServletResponse, content);

            httpServletResponse.setStatus(401);
            return false;
        }
        //如果用户是非登录用户，则拒绝用户请求
//        log.info("userInfo: {}", String.valueOf(request.getSession().getAttribute("user")));

        return true;
    }

    private static void printContent(HttpServletRequest request, HttpServletResponse response, String content) {
        try {
            String origin = request.getHeader("Origin");
            response.setHeader("Access-Control-Allow-Origin", origin);
            response.setHeader("Access-Control-Allow-Methods", "*");
            response.setHeader("Access-Control-Allow-Headers","Origin,Content-Type,Accept,token,X-Requested-With");
//            response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
            response.setHeader("Access-Control-Allow-Credentials", "true");

            response.setContentType("application/json");
//            response.setHeader("Cache-Control", "no-store");
            response.setCharacterEncoding("UTF-8");
            PrintWriter pw = response.getWriter();
            pw.write(content);
            pw.flush();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    private void printResponse(HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setStatus(401);
    }

    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {
        log.debug("done requestURL:" + httpServletRequest.getRequestURL().toString());
    }

    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {
//        httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
////        httpServletResponse.setHeader("Access-Control-Allow-Headers", "Authorization, Content-Type, X-Requested-With, token");
//        httpServletResponse.setHeader("Access-Control-Allow-Methods", "GET, HEAD, OPTIONS, POST, PUT, DELETE");
//        httpServletResponse.setHeader("Access-Control-Allow-Origin", "*");
//        httpServletResponse.setHeader("Access-Control-Max-Age", "3600");
    }
}